SynCrypt 1.1

SynCrypt 1.1 from SynData Technologies provides email and file encryption and more. Its workgroup features, ability to work with most Windows applications, and ease of use set it apart from other encryption products. SynCrypt supports various digital security and data encryption features: In addition to file and email encryption, it can encrypt selected portions of a document with Bikini encryption or use steganography to hide an encrypted file within a graphics file. SynCrypt also includes several mechanisms for exchanging cryptography keys, supports digital signatures, and simplifies secure management of user IDs and passwords.

SynCrypt Setup Installing SynCrypt was a breeze. The setup program uses a standard Windows installation wizard that ran in less than 3 minutes. The wizard presents you with the typical screens to approve the license terms and specify an installation directory. The only other question the wizard asks you is whether you want to point to a shared LAN directory where users can share keys.

SynCrypt expects to find Windows Dial-Up Networking (DUN) running on your computer, even if you have a full-time Internet connection. Unfortunately, the documentation doesn't mention this requirement. Without DUN installed, SynCrypt displays a series of cryptic error messages when you try to send a public key to someone via email.

The installation program creates a SynCrypt program group under Windows 95 and Windows 3.x. However, the documentation fails to mention that the program doesn't create a SynCrypt program group for Windows NT. Instead, the software creates a shortcut folder at %systemroot%\startmenu\programs\syncrypt. To add a SynCrypt program group to the NT Start menu, you must move this folder to %systemroot%\profiles\all users\start menu\programs.

During the installation process, SynCrypt associates its .syn file type with the syncrypt.exe program. By default, SynCrypt assigns this file type to encrypted files, digitally signed files, and public or private keys you email to other users sending or receiving encrypted files. When you double-click a .syn file, SynCrypt recognizes the file type and decrypts, verifies, or adds the encryption keys as appropriate. After you install SynCrypt on your network, you can publish your public keys to a shared directory so that other users in your workgroup can access the keys.

How Safe Is Your Private Key? To use SynCrypt, you have to log on with a user ID and passphrase, just as you would with any secured system or application. SynCrypt creates a portable copy of your user ID, so you can take it with you to use from your home or laptop computer. As an added security option, SynCrypt lets you specify an inactivity timeout, after which time the software logs you out.

Your passphrase is a critical component of the security process. Without it, you can't access your encrypted data. Acknowledging the imperfection of human memory, SynCrypt includes a procedure to help you recover a forgotten passphrase. SynCrypt gives you a list of 75 personal questions, such as "What was the last name of the first person you had a crush on?" and "What city did your oldest aunt live in when you were growing up?" You select 27 of these questions, as Screen 1 shows, and supply the answers. To recover your passphrase, you must correctly answer 25 of the 27 questions. From the nature of the questions, only a psychic or an FBI investigator could obtain your passphrase.

SynCrypt also supports group keys that let any member of an authorized group encrypt and decrypt information. When you add a new member to a group, SynCrypt sends the group keys to that person so that the software can add the group information to the person's key file. After you set up the group, members can share secured files and documents without worrying about other prying eyes.

Getting into SynCrypt SynCrypt offers two user interfaces: a standard application window and a floating toolbar. The software displays the standard application window when you first log on, as Screen 2 shows. If you double-click the button bar in the application window, the window shrinks to a floating customizable toolbar. An always-on-top feature keeps the floating toolbar visible at all times. The feature effectively adds encrypt and decrypt buttons to your favorite email, word processing, and other text-based programs.

Standard file encryption is easy with SynCrypt. You select the file and the user or group you want to receive the file. SynCrypt uses a hybrid encryption process. First, SynCrypt encrypts the data with your choice of a single-key encryption algorithm and a randomly generated key. SynCrypt then uses the recipient's public key to encrypt this randomly generated key. SynCrypt defaults to using Blowfish encryption, but you can also use the International Data Encryption Algorithm (IDEA), Data Encryption Standard (DES), and Triple DES encryption. The default encryption process (Blowfish) is remarkably quick. To change the default encryption algorithm, select Options from the Setup menu, and select the new algorithm from the SynCrypt setup options panel.

An interesting feature of the product is SynCrypt's Vault directory. Moving a file to a SynVault directory automatically encrypts the file, and dragging a file out of the directory decrypts the file. The installation procedure creates a default SynVault directory, but the software doesn't automatically activate it. To activate the SynVault directory or unlock (disable and decrypt) a directory on the SynVault list, select the SynVault menu from the Tools menu. From the SynVault menu, the Setup SynVault option activates automatic encryption for the selected directories. Similarly, the Unlock SynVault option deactivates automatic encryption and unencrypts existing files.

One of SynCrypt's strengths is its ability to work with any Windows application that can move text to and from the Windows clipboard. The software uses Bikini encryption, which lets you encrypt all or part of the text in an application window. SynCrypt moves text to and from the Windows clipboard for processing and comes configured for various word processors and email programs. SynCrypt uses cut-and-paste keystrokes, application menu items, or Dynamic Data Exchange (DDE) commands to support other applications.

To encrypt an entire document with Bikini encryption, click the mouse anywhere in the text and click the Encrypt button on SynCrypt's floating toolbar. To encrypt only part of a document, highlight the desired selection and click the Encrypt button on the toolbar.

As a Microsoft Exchange user and a pretty good privacy (PGP) 5 user, I miss the simplicity of the PGP add-in and its one-button access from the toolbar. SynCrypt's floating toolbar comes close, but I hope SynCrypt will add specific support for popular packages in the near future. Given the popularity of PGP, a SynCrypt-to-PGP interface would also be nice. With a means to store and use PGP keys, SynCrypt could provide one interface for both SynCrypt-based and PGP-based messages.

SynCrypt's embedded encryption option (steganography) lets you hide a file in a .bmp or .gif graphics image. Even with the data hidden in the file, the graphics image displays as you'd expect. If you list the graphics file in NT Explorer, you see the original file size; the graphics file gives no obvious indication of the data hidden within. When you combine embedded and local encryption, you can store a file or zip library that only you know about.

Trading Cryptography Keys As with any double-key encryption product, you must distribute your public key to anyone sending you secured information. To send your public key to another user, you use SynCrypt's Keys Exchange dialog box. If you can connect to the Internet, you can email your public key. With built-in Simple Mail Transfer Protocol (SMTP) support, you need to know only the other person's email address and the name of a valid SMTP server to process your request. The installation program provides a list of known mail servers to choose from. Assuming SynCrypt is running on the recipient's computer, the recipient can double-click the .syn file in the email message to receive a key. SynCrypt adds your key to the recipient's key file in a clean process. You can also use a 3.5" disk to distribute your public key to another user.

Digital Signature Support In addition to providing email and file encryption and decryption, SynCrypt provides flexible and easy-to-use digital signature verification support. Digital signatures serve two purposes: authenticating the sender's identity and verifying that the user received the data unmodified. SynCrypt uses your private signature key and the file that you want to digitally sign to create a digital signature file. SynCrypt can combine this file with the data file to create one package file, or you can keep the signature file separate from the data file and send both to the recipient.

The Password Safe Systems administrators who manage complex networks where users need multiple user IDs and passwords to access network resources can have a tough time tracking logon information in a secure manner. SynCrypt's Password Safe makes this job easy. This feature alone justifies the product's modest cost. The Password Safe maintains an annotated list of user IDs and passwords and provides several convenient features, such as a random password generator. You can double-click an entry in the Password Safe to transfer a password to the clipboard so that you can paste it into your favorite application. This feature is especially handy and can save you typing time if your application requires strong passwords (e.g., a 30-character password string requiring a combination of uppercase, lowercase, numbers, and special characters). SynCrypt also includes a backup feature so that you can copy the encrypted Password Safe to the location of your choice and easily restore it by name. Unfortunately, SynCrypt lacks a simple mechanism to update the Password Safe backup. You have to delete the existing backup or create a new one under a new name every time you perform a backup.

Wrap Up SynCrypt's various features, ease of use, and modest price make it suitable for corporate workgroup users and individual users who need to secure their project files, email, and personal information. You can download a free trial version of SynCrypt from the SynCrypt Web site. This demo allows 10 encryptions and unlimited decryptions.